Merge 78dd0d0 into 516e766

checker/Dockerfile

@@ -0,0 +1,11 @@
+FROM golang:1.11-alpine
+
+WORKDIR /go/src/github.com/EFForg/starttls-backend/checker
+
+RUN apk add git
+
+ADD . .
+
+RUN go get github.com/EFForg/starttls-backend/checker/cmd/starttls-check
+
+CMD ["/go/bin/starttls-check"]

checker/mta_sts.go

@@ -1,14 +1,17 @@
 package checker
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"regexp"
 	"strconv"
 	"strings"
+	"time"
 )
 
 // MTASTSResult represents the result of a check for inbound MTA-STS support.
@@ -73,9 +76,12 @@ func getKeyValuePairs(record string, lineDelimiter string,
 	return parsed
 }
 
-func checkMTASTSRecord(domain string) *Result {
+func checkMTASTSRecord(domain string, timeout time.Duration) *Result {
 	result := MakeResult(MTASTSText)
-	records, err := net.LookupTXT(fmt.Sprintf("_mta-sts.%s", domain))
+	ctx, cancel := context.WithTimeout(context.TODO(), timeout)
+	defer cancel()
+	var r net.Resolver
+	records, err := r.LookupTXT(ctx, fmt.Sprintf("_mta-sts.%s", domain))
 	if err != nil {
 		return result.Failure("Couldn't find an MTA-STS TXT record: %v.", err)
 	}
@@ -96,9 +102,10 @@ func validateMTASTSRecord(records []string, result *Result) *Result {
 	return result.Success()
 }
 
-func checkMTASTSPolicyFile(domain string, hostnameResults map[string]HostnameResult) (*Result, string, map[string]string) {
+func checkMTASTSPolicyFile(domain string, hostnameResults map[string]HostnameResult, timeout time.Duration) (*Result, string, map[string]string) {
 	result := MakeResult(MTASTSPolicyFile)
 	client := &http.Client{
+		Timeout: timeout,
 		// Don't follow redirects.
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse
@@ -121,7 +128,8 @@ func checkMTASTSPolicyFile(domain string, hostnameResults map[string]HostnameRes
 		}
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	// Read up to 10,000 bytes of response body.
+	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 10000))
 	if err != nil {
 		return result.Error("Couldn't read policy file: %v.", err), "", map[string]string{}
 	}
@@ -182,8 +190,8 @@ func (c Checker) checkMTASTS(domain string, hostnameResults map[string]HostnameR
 		return c.checkMTASTSOverride(domain, hostnameResults)
 	}
 	result := MakeMTASTSResult()
-	result.addCheck(checkMTASTSRecord(domain))
-	policyResult, policy, policyMap := checkMTASTSPolicyFile(domain, hostnameResults)
+	result.addCheck(checkMTASTSRecord(domain, c.timeout()))
+	policyResult, policy, policyMap := checkMTASTSPolicyFile(domain, hostnameResults, c.timeout())
 	result.addCheck(policyResult)
 	result.Policy = policy
 	result.Mode = policyMap["mode"]

checker/totals.go

@@ -48,9 +48,21 @@ func (t *DomainTotals) HandleDomain(r DomainResult) {
 }
 
 func (t DomainTotals) String() string {
-	s := strings.Join([]string{"time", "source", "attempted", "with_mxs", "mta_sts_testing", "mta_sts_enforce"}, "\t") + "\n"
-	s += fmt.Sprintf("%v\t%s\t%d\t%d\t%d\t%d\n", t.Time, t.Source, t.Attempted, t.WithMXs, len(t.MTASTSTesting), len(t.MTASTSEnforce))
-	return s
+	vals := []interface{}{
+		t.Time,
+		t.Source,
+		t.Attempted,
+		t.WithMXs,
+		len(t.MTASTSTesting),
+		len(t.MTASTSEnforce),
+		t.MTASTSTesting,
+		t.MTASTSEnforce,
+	}
+	strs := make([]string, len(vals))
+	for i := 0; i < len(vals); i++ {
+		strs[i] = fmt.Sprintf("%v", vals[i])
+	}
+	return strings.Join(strs, "\t")
 }
 
 // ResultHandler processes domain results.
@@ -76,6 +88,7 @@ func (c *Checker) CheckCSV(domains *csv.Reader, resultHandler ResultHandler, dom
 			data, err := domains.Read()
 			if err != nil {
 				if err != io.EOF {
+					log.Println("Error reading CSV")
 					log.Fatal(err)
 				}
 				break